DETAILED ACTION 



1. Claims 1-19, 28-45 are pending. 



Response to Arguments 



2. Applicant's amendments to claims 1, 2, 12, and 13 include a statement similar to 
"Receiving a first item of authorization information from a first type of information authority, 
the first item of authorization information being associated with a first one of the items of 
protected information provided by a vendor of the first one of the items of protected 
information" 

The examiner maintains that "vendor" is a broad term that can be construed as simply being a 
distributor or dispenser of the information. For example, a private key generated through a 
cryptographic algorithm can easily be construed to be a vendor of that private key, as can a central 
authority, or even a user. 

Applicant argues on page 17, 3rd paragraph: 

"Caputo fails to teach or suggest the claimed invention, which authorizes the use of software and 
data on a computer as claimed." 

The examiner maintains that Caputo does indeed authorize the use of software, as recited in 
Caputo (Column 5, lines 7-12): the device authorizes the use of software by first authenticating 
the user. 

Other arguments and objections by Applicant are addressed in the Claim rejections below. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

4. Claims 1-19, 28-29, 31-33, 35-45 are rejected under 35 USC § 102(b) as being 
anticipated by Caputo, US patent 5,778,071. 

In reference to claim 1: 

Caputo discloses a method for selectively authorizing a host system to use one or more items of 
protected information including software, where the software is an application program (Column 5, 
lines 7-12), comprising: 

• Coupling the portable authorization device to the host system (Column 5, lines 57-64) 

• Receiving a first item of authorization information from a first type of information 
authority, the first item of authorization information being associated with a first one of 
the items of protected information provided by a vendor of the first one of the items of 
protected information, where the first item of authorization information is the Challenge, 
received from the Challenger, where the challenger is a vendor of this protected 
information. (Column 17, lines 33-56) 

• Receiving a second item of authorization information from a second type of information 
authority, the second item of authorization information being associated with a second 
one of the items of protected information and provided by a vendor of the second one of 
the items of protected information, where the second item of authorization information is 
the PIN received from the user, where the PIN is provided by the user or a vendor of the 
Smartcards with PINs stored on them. (Column 17, lines 33-56) & (Column 14, lines 52-65) 

• Selectively authorizing the host system to use the one or more items of protected 
information based upon the first or second items of authorization information being 
stored therein, where the host system is authorized to use the one or more items of 
protected information, such as the application program, based upon the first or second 
item of authentication information, the PIN or the Challenge. (Column 17, lines 45-56) 

In reference to claim 2: 

Caputo discloses a portable authorization device for selectively authorizing a host system to use 
one or more items of protected information, including software, where the software is an 
application program (column 5, lines 7-12), 
comprising: 

• A processing unit; Caputo (Figure 2, Item 164) 

• A storage medium operatively coupled to the processing unit; Caputo (Figure 2, Item 166) 

Application/Control Number: 09/503,778 Page 5 

Art Unit: 2134 

• A first interface operative in conjunction with the processing unit and the storage medium 
for receiving a first item of authorization information from a first type of information 
authority, where the first interface is the smartcard interface and the first type of 
information authority is the smartcard. Caputo (Figure 2, Item 178) 

o The first item of authorization information being associated with a first one of the 
items of protected information and provided by a vendor of the first one of the 
items of protected information, where the first item of authorization information is 
the Challenge, received from the Challenger, where the challenger is a vendor of 
this protected information. (Column 17, lines 33-56) 

• A second interface operative in conjunction with the processing unit and the storage 
medium for receiving a second item of authorization information from a second type of 
information authority, where the second interface is the Modem or network interface. 
Caputo(Figure 2, Item 160) 

o The second item of authorization information being associated with a second one 
of the items of protected information and provided by a vendor of the second one 
of the items of protected information, where the second item of authorization 
information is the PIN received from the user, where the PIN is provided by the 
user or a vendor of the Smartcards with PINs stored on them. (Column 17, lines 
33-56) & (Column 14, lines 52-65) 

• A third interface operative in conjunction with the processing unit and the storage 
medium for communicating with the host system to selectively authorize the host system 
to use the one or more items of protected information based upon the first or second items 
of authorization information being stored therein. Caputo(Figure 2, Item 12) 
• Wherein the portable authorization device is removably couplable to the host system 
through the third interface. Caputo(Figure 2, Item 12) & Caputo(Figure 1 A, Item 12) 

In reference to claim 3: 

Caputo discloses a device wherein: 

• The first interface comprises a direct information authority interface program 
Caputo(Column 10, lines 24-21) 

• The first type of information authority comprises a direct information authority 
operatively coupled directly to the portable authorization device Caputo(Figure 1C) 

• The second and third interfaces each comprise a same host system interface program. 
Caputo(column 9, lines 28-32) 

• The second type of information authority comprises an indirect information authority 
operatively coupled directly to the portable authorization device, where the indirect 
information authority is a network that is operatively coupled to the device. 
Caputo(Figure 3) 

In reference to claim 4: 

Caputo discloses a portable authorization device, wherein the indirect information authority 
comprises a computer system coupled to the host system via a network. Caputo(Figure 3) 



In reference to claim 5: 

Caputo discloses a portable authorization device, wherein the indirect information authority 
comprises data stored on a magnetic storage medium, where the magnetic storage medium may 
be information stored on another computer on the network. Caputo (Figure 3, Item 36) 

In reference to claim 6: 

Caputo discloses a portable authorization device further comprising: 

• A host authorizer operative in conjunction with the processing unit and the third interface 
for selectively authorizing the host system to use the one or more items of protected 
information based upon the first or second items of authorization information, 

where the network or computer is made accessible once the verification process is successful, 
and the authorizer acted in response to information from the smartcard and/or network and 
other information sources. Caputo(column 17, lines 51-56) 

In reference to claim 7: 

Caputo discloses a device wherein the host authorizer is a software program operatively stored 
in the storage unit. Caputo (Column 9, lines 28-32) 

In reference to claim 8: 

Caputo discloses a device wherein: 

• The first and second items of authorization information comprise first and second key 
selectors, respectively, where the first information authority, the smartcard, and the 
second information authority, the network, both contain key selectors. Caputo 
(Column 14, lines 55-57) & (Column 17, lines 44-54) 

• The host authorizer in conjunction with the processing unit and the third interface 
operatively generates a key based upon the first or second key selectors and selectively 
authorizes the host system to use the one or more items of protected information based 
upon the key, where the host authorizer responds to the challenge by establishing or 
"generating" the right key and then returning to the challenger proof that the device possesses 
the right key. If verification is successful, the network may authorize the host system to 
use the items of protected information, the accessibility of the network, or computer 
software. Caputo (Column 17, lines 37-56) 

In reference to claim 9: 

Caputo discloses a portable authorization device, wherein: 

the first interface is configured to conduct a challenge response transaction with the first type of 
information authority, where the first information authority is the smartcard, and the first 
interface is the Item 178 of Figure 2, the smartcard interface. Caputo (Column 17, lines 37-44) 

In reference to claim 10: 

Caputo discloses a portable authorization device wherein: 

the second interface is configured to conduct a challenge-response transaction with the second 
type of information authority, where the second interface is the network interface which receives 
the challenge from the network and the second type of information authority is the network. 
Caputo (Column 17, lines 30-35) 

In reference to claim 11: 

Caputo discloses a portable authorization device wherein: 

the third interface is configured to conduct a challenge-response transaction with the host system, 
where the third interface is the interface that communicates with the host system and passes an 
acknowledgement to the host system as part of the challenge-response transaction. (Column 17, 
lines 51-56) 

In reference to claim 12: 

Caputo discloses an authorization system for selectively authorizing a host system to use one or 
more items of protected information, comprising: 

• An access control mechanism associated with the host system for receiving a first item of 
authorization information from a first type of information authority operatively coupled 
to the host system and for forwarding the item of authorization information to the 
portable authorization device, where the host system receives items of authorization 
information from an information authority, or user, and the information is sent to the 
device. Caputo (Column 15, lines 19-24) 

o The first item of authorization information being associated with a first one of the 
items of protected information and provided by a vendor of the first one of the 
items of protected information, where the first item of authorization information is 
the Challenge, received from the Challenger, where the challenger is a vendor of 
this protected information. (Column 17, lines 33-56) 

• A portable authorization device removably couplable to the host system for receiving the 
first item of authorization information from the access control mechanism and for 
selectively authorizing the host system to use the one or more items of protected 
information based upon the first item of authorization information being stored therein, 
where the device receives the information from host system, and the end result of the 
device is to authorize the host system to use one or more items of protected information, 
such as the transmission of encrypted data Caputo (Column 15, lines 19-24), and where 
the data stored therein is the PIN and stored in the device. (Column 14, lines 52-65) 

In reference to claim 13: 

Caputo discloses an authorization system wherein: 

o The portable authorization device is configured to also receive a second item of 
authorization information from a second type of information authority operatively 
coupled to the portable authorization device and, the second item of authorization 
information being associated with a second one of the items of protected 
information and provided by a vendor of the second one of the items of protected 
information, where the second item of authorization information is the PIN 
received from the user, where the PIN is provided by the user or a vendor of the 
Smartcards with PINs stored on them. (Column 17, lines 33-56) & (Column 14, 
lines 52-65) 

• And furthermore, is configured to selectively authorize the host system to use the one or 
more items of protected information based upon the first or second items of authorization 
information, where the device, referred to as "device 10" in Caputo, may additionally 
accept authorization information from a smartcard. (Caputo Figure 1C) 



In reference to claim 14: 

Caputo discloses a portable authorization device for selectively authorizing a host system to use 
one or more items of protected information, comprising: 

• A processing unit; Caputo(Figure 2, Item 164) 

• A storage medium operatively coupled to the processing unit; Caputo (Figure 2, Item 
166) 

• A first interface operative in conjunction with the processing unit and the storage medium 
for receiving a key selector from an information authority; Caputo(Figure 2, Item 178) 
where the first interface is the smartcard interface, the storage medium and the 
information authority are the smartcard. 

o The key selector being associated with a first one of the items of protected 
information and provided by a vendor of the first one of the items of protected 
information, where the key selector is the PIN that unlocks the private key. 
(Column 14, lines 52-65) 
• A host authorizer operative in conjunction with the processing unit and the storage 
medium for generating a key based upon the key selector. Caputo(Figure 8, Item 128) 

• A second interface operative in conjunction with the processing unit and the storage 
medium for communicating with the host system to selectively authorize the host system 
to use the one or more items of protected information based upon the key. Caputo 
(Figure 2, Item 174) 



In reference to claim 15: 

Caputo discloses a portable authorization device wherein: 

• The first interface comprises an information authority interface; Caputo(Figure 2, Item 
178) 

• And the second interface comprises a host system interface. Caputo (Figure 2, Item 174) 

In reference to claim 16: 

Caputo discloses a portable authorization device for selectively authorizing a host system to use 
a plurality of items of protected information, comprising: 

• A processing unit; Caputo (Figure 2, Item 164) 

• A storage medium operatively coupled to the processing unit for storing one or more 
items of blended authorization information, each item of blended authorization 
information being derived from a plurality of items of authorization information, where 
the storage medium is the ROM/RAM and stores items of blended information that may 
be received from a network, a user, a smartcard, or the host computer. Caputo (Figure 2, 
Item 166) 

• An unblending mechanism operative in conjunction with the processing unit and the 
storage medium for regenerating at least one of the plurality of items of authorization 
information from the one or more items of blended authorization information, where the 
authorization information is processed and "unblended" into the conceptual diagram of 
figure 4B, where the authorization information is encrypted or decrypted and where the 
private key may be "regenerated" when needed in the authorization process. 
Caputo(Figure 4B) 

• A host system interface operative in conjunction with the processing unit and the storage 
medium for communicating with the host system to selectively authorize the host system 
to use an item of protected information based upon the at least one item of authorization 
information Caputo(Figure 2, Item 174) 

• Wherein the portable authorization device is removably couplable to the host system 
through the host system interface. Caputo (Figure 1D, Item 12) 



In reference to claim 17: 

Caputo discloses a portable authorization device wherein: 

• Each item of blended authorization information is derived from the two or more items of 
authorization information by performing an arithmetic operation on the two or more 
items of authorization information, where the arithmetic operation is a modulus, and the 
items of authorization information are the PIN and the challenge received, and the 
blended authorization information may be the key, the encrypted data, encrypted using 
the key, or the final verification itself, which is also derived from two or more items of 
authorization information. Caputo (Column 17, lines 40-56) 



In reference to claim 18: 

Caputo discloses a method for operating a portable authorization device for selectively 
authorizing a host system to use one or more items of protected information comprising the steps 
of: 

• Coupling the portable authorization device to the host system; Caputo(Figure 2, Item 12) 

• Receiving a plurality of items of authorization information, where the items of 
authorization are the PIN, the key, and the challenge. Caputo(Column 17, Lines 37-56) 

• Generating one or more items of blended authorization information from the plurality of 
items of authorization information, where the blended information is the encrypted key 
and PIN sent back in response to the challenge. Caputo(Column 17, Lines 37-56) 

• Storing the one or more items of blended authorization information in a storage medium, 
where the authorization information is stored in the memory of the portable authorization 
device. Caputo(Column 17, Lines 37-56) 

• Retrieving one or more of the items of blended authorization information from the 
storage medium. Caputo(Column 17, Lines 37-56) 

• Regenerating at least one of the plurality of items of authorization information from the 
one or more items of blended authorization information, where the challenger receives 
the information and regenerates the data by decrypting it. Caputo (Column 17, Lines 37- 
56) 

• Selectively authorizing the host system to use an item of protected information based 
upon the at least one item of authorization information. Caputo(Column 17, Lines 37-56) 

In reference to claim 19: 

Caputo discloses a portable authorization device for selectively authorizing a host system to use 
one or more items of protected information, comprising: 

• A processing unit; Caputo(Figure 2, Item 164) 

• A first storage medium operatively coupled to the processing unit for storing one or more 
encoded items of authorization information; Caputo(Figure 2, Item 166) 

• A second storage medium operatively coupled to the processing unit for storing decoding 
information used to decode the one or more encoded items of authorization information, 
wherein the second storage medium is accessible by the processing unit only if the 
processing unit receives proper authorization; Caputo(Column 14, Lines 57-65) 

• A decoding mechanism operative in conjunction with the processing unit and the first and 
second storage media for decoding at least one of the one or more encoded items of 
authorization information to produce at least one respective item of authorization 
information, where the data is taken from the storage medium from the ROM/RAM, and 
the smartcard, and enters a decryption module, or decoding mechanism. Caputo(Figure 
4A) 
• An interface operative in conjunction with the processing unit for communicating with 
the host system to selectively authorize the host system to use an item of protected 
information based upon the at least one item of authorization information. Caputo(Figure 
2, Item 174) 

Claims 20-27 have been canceled. 

In reference to claim 28: 

Caputo discloses a portable security device removably coupled to a computer system for 
selectively authorizing the computer system to use multiple items of protected information, 
comprising: 

• A processing unit. (Figure 2, item 164) 

• At least one storage medium coupled to the processing unit. (Figure 2, Item 166) 

• An interface capable of receiving multiple items of authorization information that are 
associated with respective ones of the multiple items of protected information (Figure 2, 
Items 178, 160, 176, 174), wherein the multiple items of authorization information are 
stored within the at least one memory. (Figure 2, Item 166) 

• An interface program for selectively authorizing the computer system to use one of the 
items of protected information based upon the corresponding item of authorization 
information being stored in memory, where the interface program is the authorization 
software (Column 5, lines 7-13), the protected information is the application program, and 
the permission is based on authentication by PIN and challenge. (Column 17, lines 32-56) 

In reference to claim 29: 

Caputo discloses a method wherein the multiple items of authorization information comprise key 
selectors, where the multiple items of authorization information include the challenge and the PIN 
(Column 17, lines 32-56), and the PIN is the key selector. (Column 14, lines 52-65) 

In reference to claim 31: 

Caputo discloses a method wherein the multiple items of authorization information comprise one 
or more secret keys (Column 13, lines 44-45), and the secret key is used in the authorization 
process as a digital signature verification. (Column 11, lines 49-59) 

Claim 32 is a method substantially similar to the device of claim 28 and is rejected for the same 
reasons. 

Claim 33 is rejected for the same reasons as claim 29. 

Claim 35 is rejected for the same reasons as claim 31. 



In reference to claim 36: 
Caputo discloses a method for selectively authorizing the use of multiple items of protected 
information on a computer system, the method comprising the steps of: 

• Providing a portable security device with at least one memory containing a shared secret 
and space for multiple key selectors, one key selector for each item of protected 
information, and at least one I/O port, whereby the key selectors can be downloaded into 
the security device, and communications can be established with the computer system, 
where the memory can hold a plurality of shared secrets and key selectors, and the key 
selectors may be downloaded into the device through user entry (Column 14, lines 52-65) 
& (Figure 2) 

• Receiving by the portable security device an authorization request from the computer 
system to authorize use of a particular one of the items of protected information, where 
the authorization request is the challenge. (Column 17, lines 32-56) 

• Using the stored key selector corresponding to the particular one of the items and the 
shared secret to generate authorizing information, wherein the computer system validates 
the authorizing information and releases the particular one of the items of protected 
information for use, where the shared secret is used for generating authorizing data 
through digital signature(Column 11, lines 49-59), and where the computer validates the 
information (Column 17, lines 32-56), and allows usage of protected information 
(Column 5, lines 7-12) 



In reference to claim 37: 
Caputo discloses a method further including the step of providing the key selectors to the 
portable security device memory using external information authorities within a secure 
transaction, where the external information authority is the user and the key selector entered into 
the portable security device is the PIN. (Column 17, lines 32-56) 

In reference to claim 38: 

Caputo discloses a method further including the step of receiving a random challenge from the 
information authority, using the shared secret to encrypt the response, and validating by the 
information authority the response by decrypting with the shared secret, where the challenger 
issues the challenge, and the response is encrypted (Column 17, lines 32-56), and decrypted for 
verification (Column 16, lines 51-54) 

In reference to claim 39: 

Caputo discloses a method where the shared secret is an encryption key. (Column 13, lines 44- 
48) 

In reference to claim 40: 

Caputo discloses the method further including the step of transforming the received key selector 
into an authorizing key using the shared secret key, where the received key selector is the PIN, 
the authorizing key is authentication process ACK, and the shared secret key is used to encrypt 
the PIN (Column 17, lines 39-56) 
In reference to claim 41: 

Caputo discloses a method where the authorization request is a randomly generated challenge 
number. (Column 17, lines 32-39) 

In reference to claim 42: 

Caputo discloses a method where the authorization information is generated by using the 
challenge and the authorizing key, where the authorizing key is the key used to encrypt the 
communications. (Column 17, lines 32-56) 

In reference to claim 43 : 

Caputo discloses a method further including the step of encrypting the key selectors before 
storing in the portable security device memory, where the PIN as the key selector is preloaded 
into the memory. (Column 17, lines 24-27) 

In reference to claim 44: 

Caputo discloses a method further including the step of storing the key selectors in a merged 
pool in memory using a blending algorithm, whereby an individual key selector cannot be 
extracted from a specific location in memory, where the key selector, the PIN, is stored in an 
encrypted format (Column 13, lines 40-45) using DES (Column 11, line 5). Because DES uses 
a series of S-boxes and rotating bits, the key selector or PIN is blended and cannot be extracted 
from any specific location in memory. Examiner further notes that any common encryption 
method involving the use of block ciphers would meet the "blending" of claim 44. 
In reference to claim 45: 

Caputo discloses a method further including the step of receiving the multiple items of 
information from multiple information authorities, where the multiple items of information are 
the challenge and the PIN. (Column 17, lines 32-56) 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 30 and 34 are rejected under 35 USC § 103(a) in view of Caputo. 

In reference to claim 30: 

Caputo discloses a method wherein selective authorization is given to the computer system to use 
multiple items of protected information based upon the key. (Column 17, lines 32-56) 

Caputo fails to explicitly disclose a method wherein a key is generated within the portable 
security device based upon the key selectors. 

The examiner takes official notice that generating a key on either side of an authentication 
scheme was well known at the time of invention. Authentication involves the authentication, 
and subsequent authorization, of either the client, the server, or both the client and the 
server. Public key authentication schemes in particular often use a key generation technique in 
which the key is generated on both sides using a seed or initial value to avoid the key being 
compromised through insecure transmission. 

It would have been obvious to one of ordinary skill in the art at the time of invention to generate 
the key inside of the portable device in order to avoid transmitting the key over an insecure line 
and leaving open the possibility of the private key becoming compromised. 

Claim 34 is rejected for the same reasons as claim 30. 
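The exchange the examiner reads onto claims 36 through 42 (a random challenge issued by the computer system, a stored key selector transformed with the shared secret into an authorizing key, authorization information generated from the challenge and that key, and validation by the challenger), together with the point made in the rejection of claim 30 that the authorizing key can be generated independently on both sides and so never travels over the line, is sketched below as an added example. It is not code from this Office action, from Caputo, or from the application; HMAC-SHA256 stands in for the encryption step Caputo describes, the validating side is assumed to hold the shared secret and the key selectors, and the class names, item identifiers, sample PIN and shared secret are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample values; nothing here is taken from Caputo or the claims.
SHARED_SECRET = b"constructed-shared-secret-for-demo"
PROTECTED_ITEMS = {"app-1": b"1234", "app-2": b"9876"}  # item id -> key selector (PIN)


def derive_authorizing_key(shared_secret: bytes, key_selector: bytes, item_id: str) -> bytes:
    """Transform a key selector into a per-item authorizing key using the shared secret.

    Both sides run this locally, so the authorizing key itself is never transmitted
    (the point made in the section 103 rejection of claim 30). HMAC-SHA256 is an
    assumed stand-in for the encryption step in Caputo."""
    return hmac.new(shared_secret, item_id.encode() + b"\x00" + key_selector, hashlib.sha256).digest()


def authorizing_information(authorizing_key: bytes, challenge: bytes) -> bytes:
    """Authorization information computed from the challenge and the authorizing key (claim 42)."""
    return hmac.new(authorizing_key, challenge, hashlib.sha256).digest()


class PortableSecurityDevice:
    """Holds the shared secret and one key selector per protected item (claim 36)."""

    def __init__(self, shared_secret: bytes) -> None:
        self._shared_secret = shared_secret
        self._key_selectors: Dict[str, bytes] = {}

    def load_key_selector(self, item_id: str, key_selector: bytes) -> None:
        # An external information authority (the user entering a PIN) supplies the selector (claim 37).
        self._key_selectors[item_id] = key_selector

    def respond(self, item_id: str, challenge: bytes) -> Optional[bytes]:
        # Without a stored selector for this item the device cannot answer the request.
        key_selector = self._key_selectors.get(item_id)
        if key_selector is None:
            return None
        key = derive_authorizing_key(self._shared_secret, key_selector, item_id)
        return authorizing_information(key, challenge)


class ComputerSystem:
    """Issues random challenges and validates the device's response (claims 38 and 41).

    Assumption: the validating side knows the shared secret and each item's key selector."""

    def __init__(self, shared_secret: bytes, key_selectors: Dict[str, bytes]) -> None:
        self._shared_secret = shared_secret
        self._key_selectors = dict(key_selectors)
        self._outstanding: Dict[str, bytes] = {}  # one live challenge per item

    def request_authorization(self, item_id: str) -> bytes:
        challenge = secrets.token_bytes(16)  # randomly generated challenge number (claim 41)
        self._outstanding[item_id] = challenge
        return challenge

    def validate(self, item_id: str, response: Optional[bytes]) -> bool:
        # The challenge is consumed whether or not validation succeeds, so a captured
        # response cannot be replayed against a later request for the same item.
        challenge = self._outstanding.pop(item_id, None)
        key_selector = self._key_selectors.get(item_id)
        if challenge is None or response is None or key_selector is None:
            return False
        expected = authorizing_information(
            derive_authorizing_key(self._shared_secret, key_selector, item_id), challenge)
        return hmac.compare_digest(expected, response)


def run_exchange(host: ComputerSystem, device: PortableSecurityDevice, item_id: str) -> bool:
    """One full request/response round; True means the item is released for use."""
    challenge = host.request_authorization(item_id)
    response = device.respond(item_id, challenge)
    return host.validate(item_id, response)


def demo() -> Dict[str, bool]:
    """Run the success case plus the wrong-PIN, unknown-item and replay failure cases."""
    host = ComputerSystem(SHARED_SECRET, PROTECTED_ITEMS)
    device = PortableSecurityDevice(SHARED_SECRET)
    device.load_key_selector("app-1", PROTECTED_ITEMS["app-1"])
    device.load_key_selector("app-2", b"0000")  # wrong PIN entered for app-2

    results = {
        "correct_selector": run_exchange(host, device, "app-1"),
        "wrong_selector": run_exchange(host, device, "app-2"),
        "unknown_item": run_exchange(host, device, "app-3"),
    }
    # Replay: a previously valid response presented against a fresh challenge.
    old_challenge = host.request_authorization("app-1")
    old_response = device.respond("app-1", old_challenge)
    host.validate("app-1", old_response)  # consumes the old challenge
    host.request_authorization("app-1")   # a new challenge is now outstanding
    results["replayed_response"] = host.validate("app-1", old_response)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'authorized' if ok else 'denied'}")
```

Only the first exchange succeeds: a wrong PIN yields a different authorizing key, an item with no stored selector produces no response, and a replayed response fails because the host binds each validation to a single fresh challenge.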

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas M Ho whose telephone number is (703)305-8029. The 
examiner can normally be reached on M-F from 8:30am - 5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A. Morse can be reached at (703)308-4789. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703)746-7239 for regular 
communications and (703)746-7238 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703)306-5484. 

TMH 

April 16th, 2004 




